Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 01/07/2024, 18:29
Static task: static1
Behavioral task: behavioral1
- Sample: 1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll
- Resource: win10v2004-20240226-en
General
- Target: 1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll
- Size: 157KB
- MD5: 1c0e0744ba062a6790447277ddaa24ad
- SHA1: 9131d98f10f75238405031cb07a3a67fb7c79629
- SHA256: 2e30cf63772ae5b39f3882fbda1090ab67c019c8aa412b4e4af34fe83ee610b4
- SHA512: 6d21d3cac2e8e8485907b898b5d152d2877c4eb6159b2fa3159554329fd9e2b5157990404917bc87cfb62240003877276c35bba2cbc213b20705b463e62d146a
- SSDEEP: 1536:Fspnu4yO4uhHIkraH67KiCf/pbTcCzODi/dTc67cBWW0GmkGFoRdTVOKfmLPj:ypnu4UkokmrTcCzOq4n7SKUb
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
  PID 2928 wrote to memory of 2992   2928   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll,#1
  PID: 2928
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll,#1
    PID: 2992